From: Christophe Jaillet <jailletc36@apache.org>
Date: Wed, 27 Apr 2022 20:08:50 +0000 (+0000)
Subject: Harden mod_session and avoid overflow in case of indecently large session
X-Git-Tag: 2.5.0-alpha2-ci-test-only~362
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=caf4efca9f6bf6e14969b5662d7f47b010408940;p=thirdparty%2Fapache%2Fhttpd.git

Harden mod_session and avoid overflow in case of indecently large session

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900335 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index a41e58444f9..88b0df6635b 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -325,7 +325,8 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
 
 static int identity_count(void *v, const char *key, const char *val)
 {
-    int *count = v;
+    apr_size_t *count = v;
+
     *count += strlen(key) * 3 + strlen(val) * 3 + 2;
     return 1;
 }
@@ -333,7 +334,8 @@ static int identity_count(void *v, const char *key, const char *val)
 static int identity_concat(void *v, const char *key, const char *val)
 {
     char *slider = v;
-    int length = strlen(slider);
+    apr_size_t length = strlen(slider);
+
     slider += length;
     if (length) {
         *slider = '&';
@@ -363,7 +365,8 @@ static int identity_concat(void *v, const char *key, const char *val)
 static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
 {
     char *buffer = NULL;
-    int length = 0;
+    apr_size_t length = 0;
+
     if (z->expiry) {
         char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
         apr_table_setn(z->entries, SESSION_EXPIRY, expiry);